package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Scanner;

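/**
 * Console login demo that checks a username/password pair against the
 * {@code userinfo} table using a parameterized query.
 *
 * <p>The point of the demo is the {@link PreparedStatement}: both user-supplied
 * values are bound with {@code setString}, so they are sent to the database as
 * data and never become part of the SQL text.
 */
public class JDBCDemo9 {
    // The SQL text is a fixed constant; user input only ever reaches it through
    // the two '?' placeholders.
    // NOTE(review): only "nickname" is read from the result below, yet the
    // password column is selected as well. Consider narrowing the column list so
    // the credential is not fetched back into the client.
    private static final String LOGIN_SQL =
            "SELECT id,username,password,nickname,age "+
            "FROM userinfo "+
            "WHERE username =?  AND password=?";

    /**
     * Reads a username and a password from standard input and reports whether
     * a matching row exists in {@code userinfo}.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Not closed on purpose: closing a Scanner also closes System.in.
        Scanner sc = new Scanner(System.in);
        System.out.println("请输入用户名");
        String username = sc.next();
        System.out.println("请输入密码");
        // NOTE(review): Scanner echoes the password on the terminal;
        // System.console().readPassword() avoids that where a console exists.
        String password = sc.next();

        // The statement is opened in try-with-resources together with the
        // connection so that it is released even when the query throws; the
        // original left the statement and the result set unclosed.
        try (Connection connection = DBUtil.getConnection();
             PreparedStatement ps = connection.prepareStatement(LOGIN_SQL)) {
            ps.setString(1, username);
            // Bound as a parameter: an input such as  a' OR '1' = '1  is compared
            // as a literal password value and cannot alter the WHERE clause.
            ps.setString(2, password);

            // NOTE(review): the typed password is compared directly with the
            // stored column, which suggests the column holds the password in the
            // same form as typed (presumably plaintext; confirm against the
            // schema). A real system should store a salted, slow password hash
            // (bcrypt/scrypt/argon2) and verify it in the application.
            try (ResultSet rs = ps.executeQuery()) {
                if (rs.next()) {
                    String nickname = rs.getString("nickname");
                    System.out.println("登录成功,欢迎【"+nickname+"】回来");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (SQLException e) {
            // Demo-level handling. The stack trace can reveal driver and schema
            // details, so route it to a log rather than to the user in real code.
            e.printStackTrace();
        }
    }
}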
